Mono with SQL Server Membership Provider? - asp.net

Apparently Mono replaces references to SQL Server membership provider with sqlite membership provider (see ASP.NET_Settings_Mapping). Is there any way to convince Mono to use SQL Server for the membership provider?
When I try to log in to my web app, I get the following:
System.Configuration.Provider.ProviderException: Operation aborted due to an exception (see Trace for details).
at System.Web.Security.SqliteMembershipProvider.ValidateUser (string,string) <0x003bb>
at DirectMail.Controllers.AccountMembershipService.ValidateUser (string,string) [0x00000] in [file].cs:404
at DirectMail.Controllers.AccountController.ValidateLogOn (string,string) [0x00040] in [file].cs:346
at DirectMail.Controllers.AccountController.LogOn (string,string,bool,string) [0x00000] in [file].cs:79
at (wrapper dynamic-method) System.Runtime.CompilerServices.ExecutionScope.lambda_method (System.Runtime.CompilerServices.ExecutionScope,System.Web.Mvc.ControllerBase,object[]) <0x001c1>
at System.Web.Mvc.ActionMethodDispatcher.Execute (System.Web.Mvc.ControllerBase,object[]) <0x00028>
at System.Web.Mvc.ReflectedActionDescriptor.Execute (System.Web.Mvc.ControllerContext,System.Collections.Generic.IDictionary`2<string, object>) <0x0015b>
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod (System.Web.Mvc.ControllerContext,System.Web.Mvc.ActionDescriptor,System.Collections.Generic.IDictionary`2<string, object>) <0x00036>
at System.Web.Mvc.ControllerActionInvoker/<InvokeActionMethodWithFilters>c__AnonStoreyB.<>m__E () <0x00092>
at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter (System.Web.Mvc.IActionFilter,System.Web.Mvc.ActionExecutingContext,System.Func`1<System.Web.Mvc.ActionExecutedContext>) <0x00125>
The top of the file /usr/local/etc/mono/4.0/settings.map on one Debian Linux machine is:
<?xml version="1.0" encoding="utf-8" ?>
<settingsMap>
<map sectionType="System.Web.Configuration.MembershipSection, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
mapperType="Mono.Web.Util.MembershipSectionMapper, Mono.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756"
platform="Unix">
<!-- The 'what' tag specifies which region of the section to modify. The 'value' attribute value is mapper-specific and is not defined here. It can be
any expression understood by the mapper to designate the section region to modify.
-->
<what value="providers">
<!-- 'what' can contain any number of occurrences of any three elements:
replace - replace the designated region
add - add a new entry to the region
clear - clear the region
remove - remove the designatedregion
The attributes to any of the above are freeform and are not processed by the mapper manager. They are stored verbatim for the
mapper to peruse.
-->
<replace name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqliteMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="LocalSqliteServer" />
</what>
</map>
<!-- ... -->

On the ASP.NET Settings Mapping page that you linked to, in the section titled "Inhibiting the settings mapping", it says that adding:
<appSettings>
<add key="MonoAspnetInhibitSettingsMap" value="anything"/>
</appSettings>
to your app's Web.config file will disable settings mapping. I found, however, that value "anything" does not work. If I use the value "true" instead, then it does:
<appSettings>
<add key="MonoAspnetInhibitSettingsMap" value="true"/>
</appSettings>

This must be a misconfiguration because an implemented sqlmembershipprovider exists for Mono 2.0. It is using a DBProviderFactory to obtain a connection. A SqlClient implementation is also there so that only leads to the conclusion that the web.config for the website is not correct, which is not unthinkable because sqlclient and sqlite almost looks the same in an overcrowded web.config.
If anyone can post that one, that might clarify the problem at hand.

Related

How to use ASP.NET 4.8 ConfigBuilders with system.serviceModel section of web.config

I have an ASP.NET 4.8 app that I am trying to integrate configuration builders into. I have installed the NuGet package Microsoft.Configuration.ConfigurationBuilders.Environment and added the required sections to Web.config (heavily truncated here).
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="configBuilders" type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" restartOnExternalChanges="false" requirePermission="false"/>
</configSections>
<configBuilders>
<builders>
<add name="EnvironmentExpand" mode="Expand" type="Microsoft.Configuration.ConfigurationBuilders.EnvironmentConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Environment" />
</builders>
</configBuilders>
<system.serviceModel configBuilders="EnvironmentExpand">
....
</system.serviceModel>
</configuration>
When I run the application I get an HTTP 500 response from every action, with the message Unrecognized attribute 'configBuilders'. Intellisense in Visual Studio also highlights configBuilders and says The configBuilders attribute is not allowed.
If I remove the configBuilders attribute from system.serviceModel the application runs correctly although of course none of the placeholders in that section are expanded.
If I remove the configBuilders attribute from system.serviceModel and add it to another section, for instance connectionStrings, the application runs and the placeholders in the connectionStrings section are replaced.
Clearly there's something different about the system.serviceModel section but I don't understand what or how I can work around it so that I can replace placeholders in there.
If you look at your machine.config, you'll see that system.serviceModel is a sectionGroup and not a section. ConfigurationBuilders only apply at the section level. WCF and ASP.Net for better or worse have their large configuration divided into multiple sections.

Encrypted config section plus BCL.Build

I'm trying to update LinqKit in an ASP.Net 4.0 Web Application which uses encrypted config sections to obfuscate the connectionstrings section. We also use config transforms.
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<configProtectedData>
<providers>
<add keyContainerName="FooBarKeys" useMachineContainer="true" description="Uses RsaCryptoServiceProvider to encrypt and decrypt" name="FooBarProvider" type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</configProtectedData>
<connectionStrings configProtectionProvider="FooBarProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
...
For projects targeting .Net 4.0, LinqKit 1.1.7+ depends on Microsoft.Bcl.Async, and Microsoft.Bcl.Build is required in any projects referencing class libraries which use Microsoft.Bcl.Async.
When I build, I get this error:
The "EnsureBindingRedirects" task failed unexpectedly.
System.Xml.XmlException: App.config must have root configuration element. Line 2, position 2.
at Roxel.BuildTasks.EnsureBindingRedirects.ThrowXmlException(String message, Exception inner, IXmlLineInfo info)
at Roxel.BuildTasks.EnsureBindingRedirects.LoadAppConfig(String appConfigPath)
at Roxel.BuildTasks.EnsureBindingRedirects.Execute()
at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()
at Microsoft.Build.BackEnd.TaskBuilder.<ExecuteInstantiatedTask>d__26.MoveNext()
File: packages\Microsoft.Bcl.Build.1.0.21\build\Microsoft.Bcl.Build.targets line 97
If I change <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> to <configuration>, I get XML validation warnings for web.config:
The 'keyContainerName' attribute is not allowed.
The 'useMachineContainer' attribute is not allowed.
The 'description' attribute is not allowed.
The 'configProtectionProvider' attribute is not allowed.
The element 'connectionStrings' has invalid child element 'EncryptedData' in namespace 'http://www.w3.org/2001/04/xmlenc#'. List of possible elements expected: 'add, remove, clear'.
I tried using <configuration xmlns:c="http://schemas.microsoft.com/.NetConfiguration/v2.0">, with <c:configProtectedData> and <c:connectionStrings>. This validates, but fails at runtime:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Error Code 0x80070032
Config Error The configuration section 'c:configProtectedData' cannot be read because it is missing a section declaration
Config Source:
5: </configSections>
**6: <c:configProtectedData>**
7: <providers>
How do I use these libraries in a .Net 4.0 Web App such that it builds, has a valid web.config and runs?

From where i can find the PublicKeyToken & Version for my <membership> <providers>

I am working with an asp.net mvc web application, and i need to connect to remote domain, so i added the following to my web.config:-
<membership>
<providers>
<add name="TestDomain1ADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="TestDomain1ConnectionString" connectionUsername="....." connectionPassword="....." />
but i am not sure what does Version and PublicKeyToken represetns and from where i can find them ? and if i do not specify these values will my provider be valid ?
Thanks
As that's a regular framework assembly, it will be deployed on GAC; to discover full assembly name you can access that class documentation on MSDN.
There you'll find that class resides on System.Web assembly. Now you can navigate to c:\windows\assembly folder and locate the assembly which matches desired version, right click it and copy the public key token.
Is that information doesn't match the version and public key token on your web.config file, .NET framework can't locate it and, you'll get a missing assembly exception.

using connectionstring from web.config instead of app.config

I have a class library project in which I've added a dataset which talks with sql server. The output of this project is to be consumed from a web application project. So I intend to put my connection string in the web application project.
Did a couple of things. In order to make my adapter use a different connection string, I had come across this. But I finally found doing the following convenient:
Dim adapter as New MyReqeustTableAdapter()
adapter.Connection.ConnectionString = sMyConnectionString
Then I tried taking the connection string from my configuration (app.config) to kind of simulate . I added a section manually with key "myconstr". My ideas was to do something like:
sMyConnectionString = ConfigurationManager.ConnectionString("myconstr").ConnectionString
But my intellisense couldn't not detect ConfigurationManager. So had to add the appropriate reference to the project.
Next I added a connection string via the settings designer for the web application project. I gave the above key for referencing it. However the above statment seems to throw a null reference exception.
Suppose you have created a class library. In it you've defined a Settings property which goes like:
Properties.Settings.Default.ProjectName
Visual Studio might auto generate some configuration for you as follows:
(app.config)

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
<section name="MyDllProject.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
</configSections>
<applicationSettings>
<MyDllProject.Properties.Settings>
<setting name="ProjectName" serializeAs="String">
<value>MyDllproject</value>
</setting>
</MyDllProject.Properties.Settings>
</applicationSettings>
</configuration>
Now say you add this assembly to an project. And you access its settings, you'd most probably get MyDllproject as it value. This is in spite of adding any configuration. Why? Because when the assembly was generated it was kind of written into it. And the code written is such that in the absence of a configuration override use what was defined in the app.config at the time of generation.
Now in your target project, you simply add the necessary sections in the configuration file in the following pattern
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
<!-- start: copied from app.config of class library -->
<section name="MyDllProject.Properties.Settings"
type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false"
/>
<!-- end: copied from app.config of class library -->
<!-- other sections may follow -->
</sectionGroup>
</configSections>
<applicationSettings>
<!-- remember to maintain the same order as how it was defined in the sectionGroup -->
<!-- start: copied from app.config of class librarly -->
<MyDllProject.Properties.Settings>
<setting name="ProjectName" serializeAs="String">
<value>ConsoleProjectB</value>
</setting>
</MyDllProject.Properties.Settings>
<!-- end: copied from app.config of class library -->
<!-- other configurations settings may follow -->
</applicationSettings>
</configuration>
Thats it.
Here is a small project sample I've linked to for the same: http://sdrv.ms/16ksPef
you can add reference to System.Web and use System.Web.Configuration.WebConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString) from the class library project
A configuration file (app.config) which is defined in a class library project cannot be - automatically - consumed by the system. The only config file that can be consumed is the web.config file in web applications or *myexe.exe*.config in exe applications where exe file is *myexe.exe*.
So you seem to be trying to add app.config to the class library. That ain't gonna work.
It is possible to link a second config file to the web.config but that probbaly is no help to you.
Basically, what you need is a possibility to change a global parameter of your library from outside. Using app.config by itself does not give you that possibility straight away -- you have not exposed your library internal settings yet. With that in mind, one very straightforward way to achieve exposure is to create in your library an assigner for the app.config.
public static class Setter
{
public static void Set(string name, string value)
{
Properties.Settings.Default[name] = value;
}
}
Then, at web application start in global.asax, or elsewhere:
MyLibrary.Setter.Set("X", ConfigurationManager.ConnectionStrings["Y"].ConnectionString);
From your question I think you're building an n-layered application. I think you're better off the two options you mentioned.
You should just create a base class for your DAL (Data Access Layer) classes that will have a public property that contains that the connection string.
btw it will help you hide/secure your connection string instead of storing it in a file that could be easily read by anyone who have or gained access to your host
public class DALBase
{
public static string connString
{
get { return "Data Source=localhost\\SqlExpress;Initial Catalog=theDb Integrated Security=True"; }
}
}

Encrypting externally stored App blocks with exportable Key Provider

I have been trying for quite a while to figure out how to encrypt Application blocks that are stored in an external file called dev_entlib.config
I can see in entlib (4.1) that it's possible to use the default protection providers to encrypt the blocks but, I really need to deploy this Application on different servers and thus I would need to export the keyProvider used to encrypt the application blocks to those servers.
What I've done so far is to add a custom Protected Configuration Provider to the machine.config file in the .net v2.0* whatever folder (and all the target servers)
the custom provider is like this
<add name="MyCompanyProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,
System.Configuration, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a,
processorArchitecture=MSIL"
keyContainerName="MyKey"
useMachineContainer="true" />
that sits nicely beside the other default providers and even has design time support in the Entlib config tool. I then choose the protection provider for each block I want to encrypt.
Looking at the dev_entlib.config, shows that indeed the block was encrypted with my provider. My provider uses my key container. Therefore the block should be encrypted using my key container. I then Export "MyKey" to an xml file using:
c:\Windows\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis.exe -px "MyKey" "C:\keys.xml" -pri
Exporting RSA Keys to file...
Succeeded!
This key file is then copied to my sysTest server where it is imported and has access rights granted to "NT Authority\Network Services" and "ASPNET"
I then copy over my encrypted web.config and dev_entlib.config and try to display the connection strings in a small page which uses .net ConfigurationManager to get the ConnectionStrings collection and display them on the page. This page is running under IIS and the identity of the process is "NT Authority\Network Services".
The problem is, that it doesn't work! There are bad data errors or "failed to decrypt using provider MyCompanyProvider".
This approach seems to make logical sense to me but it still fails.
Does anyone have another suggestions?
Encrypt external Enterprise Library configuration files with your custom RSA key container using the Enterprise Library Configuration tool.
EntLib (4.1) uses the default protection provider RsaProtectedConfigurationProvider. But it is possible to remove this provider within your configuration file and replace it with your own with the same name which can then point to your custom key provider: "MyKey".
You should add this configProtectedData section in the configuration file that has the region that you want to encrypt (e.g. your external file: *dev_entlib.config*). You do not need to modify the machine.config file at all.
You can then choose the RsaProtectedConfigurationProvider from the Enterprise Library Configuration application for the Data Access Application Block ProtectionProvider.
You have to open this EntLibConfig.exe with Run as administrator if you are on Vista, Windows 7, Windows 2008.
Otherwise you will get an error:
Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Object already exists.
You can then copy this encrypted *dev_entlib.config* along with the web.config configuration file to your sysTest server. Open up the web.config file with Enterprise Library Configuration tool on that sysTest server should not get the error:
Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Bad Data.
web.config
This file is pretty much empty and just points to the external Data Configuration file:
<!-- web.config -->
<configuration>
<configSections>
<section name="enterpriseLibrary.ConfigurationSource" type="Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ConfigurationSourceSection, Microsoft.Practices.EnterpriseLibrary.Common, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<enterpriseLibrary.ConfigurationSource selectedSource="External Data Configuration File Source">
<sources>
<add name="External Data Configuration File Source" type="Microsoft.Practices.EnterpriseLibrary.Common.Configuration.FileConfigurationSource, Microsoft.Practices.EnterpriseLibrary.Common, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
filePath="dev_entlib.config" />
</sources>
</enterpriseLibrary.ConfigurationSource>
</configuration>
dev_entlib.config
This file has the connection strings and the protection provider with which it should be encrypted with:
<!-- dev_entlib.config -->
<configuration>
<configSections>
<section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<dataConfiguration defaultDatabase="MyConnectionStringName" />
<connectionStrings>
<add name="cnHnicMediaLibrary" connectionString="Server=MyDbServer; Database=MyDbName; Integrated Security=SSPI"
providerName="System.Data.SqlClient" />
</connectionStrings>
<configProtectedData>
<providers>
<remove name="RsaProtectedConfigurationProvider" />
<add name="RsaProtectedConfigurationProvider"
keyContainerName="MyKey"
useMachineContainer="true"
description="Uses our own encryption key container so that it will work in a Web Farm setting. We need to trick Enterprise Library, which wants to use the default RsaCryptoServiceProvider to encrypt and decrypt, by replacing this default provider with our own while this configuration is processed!"
type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</configProtectedData>
</configuration>
Based on:
http://entlib.codeplex.com/discussions/237555 (AvanadeSupport, Dec 8 2010 at 11:37 PM)
http://entlib.codeplex.com/discussions/10300 (shane2007, Jul 9 2007 at 1:15 PM)
http://entlib.codeplex.com/discussions/213998 (need to change the version back to 2.0.0.0)
I hope that this described the error message that you had and how to fix it.
It doesn't seem to be possible yet. My solution is to just encrypt the blocks as part of the web.config and then copy and paste those blocks into an external entLib.config file. These block should then be able to be decrypted on the target servers with the exported key.

Resources